PHP-Fusion Multiple Input Validation Vulnerabilities
BID:58226
Info
| Bugtraq ID: | 58226 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2013 12:00AM |
| Updated: | Feb 27 2013 12:00AM |
| Credit: | Janek Vind |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
PHP-Fusion is prone to multiple input-validation vulnerabilities including:
1. Multiple local file-include vulnerabilities
2. Multiple SQL-injection vulnerabilities
3. Multiple cross-site-scripting vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, execute arbitrary local scripts, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP-Fusion 7.02.05 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues. For cross-site scripting issues, an unsuspecting user must be enticed into following a malicious link.
The researcher who discovered these issues has created proofs of concept. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.